For some URL's I think it can be good to remove ID's, eg:

domain.com/username

as supposed to:

domain.com/45243/username

As long as username is of course unique, and the URL normalized version is also unique

Our company's website just did a total redesign for our web portal that our clients use to make orders. The combination of some links not working and clients still using IE8 has been giving our department so many tickets.

Since the new release, the server cpus/ram have been under heavy load and our sys admins and developers have been in a battle of pointing fingers of who to blame.

I'm confident though our developers can fix this, but it's funny how the account managers are really stirring up a storm and so far it's been my responsibility of calming their nerves.

Dont get me started on IE8 related bugs. Sigh

The thing that really annoys me too is that we tested this in IE8 and everything seems to work fine except the cosmetic issues we are aware of. We get reports of clients getting timed out to a white screen, all unproducible on our end, so it has to be some kind of setting on their browsers.

I wasn't aware of this issue. I can have 30 tabs open on what I've built, but then again, the only thing I use cookies for is to track previous page and redirect back to previously viewed page after login.

Yeah, I didn't state that well. I didn't really want to go further, but basically, this is how I create comment + reply forms:

Obviously, this isn't exactly what I do, but it seems redundant to use url parameters when the above works just fine. I'd also prefer to redirect directly via the path parameters from the database instead of cookies, but once again, a preference thing.

I agree wholeheartedly. I'd also posit that it is outright insane to not have unique usernames.

This is where I get all new-agey and point out this is why developers should be involved in sys admin.

Dave, not sure if I was clear, I just mean that if you track state (like which thread is open) in a cookie/session instead of in the url you have problems with a user trying to have multiple independent tabs at the same time (like reading through different threads in different tabs).

There's nothing inherent about cookies/session requiring only a single tab being open, but that if you don't keep it to information that is always true for that user in a global sense then you get into issues when they try to do different stuff at the same time.

What do you mean? Cookies that are set in one tab will be sent when you make requests from another tab.... it's just based on the domain.

That's my point. I'm not sure if I'm saying it very well though.

Let's look at how we want to record the thread I'm looking at.

Option 1: Part of the url.

I can have tab 1 at www.2+2/191/thread-123/post-456
and tab 2 at www.2+2/191/thread-abc/post-def.

Option 2: In the session:

My session has thread=123, post=456

But that session is shared across all of the tabs. So how do I browse two threads at the same time without one tab screwing up the other?

oh yes gotcha. of course. url parameters have many legitimate uses that have little to no risk. i think dave is just misunderstanding some things.

If you are saying that you should prefer to use url parameters to prevent state, then yes, I agree here. The code I posted above prevents state, but uses arguments to the page and form rendering functions. In this sense, I really don't see a difference between url parameters and not using them. I never thought of using cookies for this stuff. Obviously, I would use session parameters to keep people logged in, but that is still relatively stateless.

Which is why I bring it up to the 2+2 programming experts.

But not every page request is a POST. Most are GET. And url params are the analog of those form parameters in a GET.

The main mistake I think you're making is generalizing too early. You notice that there are some cases where url params can be security risks, and then decided they were stupid altogether.

I can pass args with GET the same as POST. I guess this is language / framework dependent, though I don't see why a function rendering a page from GET or POST route has to be treated differently. One is a special case of the other.

Yes, and I've been convinced that said logic is wrong after thinking about this more low-level.

It's not. It's an HTTP thing. It doesn't matter what language or framework you use, ultimately it has to delegate to http. So if you can do a GET that has parameters in your framework, then it's either using cookies or query strings. jj already brought up the issues with using cookies for GET.

And GET and POST are different actions, one is not a special case of the other. If you think of it that way, it's probably because your framework is abstracting away details from you that you'd be better of knowing.

The bottom line here is that query strings are the correct way to issue GET requests requiring parameters, and your ill-founded dislike of them can't change that.

I see how my post can be confusing. I did not mean that GET and POST are special cases of each other.

I meant that functions taking args from a POST or GET route are special cases of each other. There is no fundamental difference between these functions just because one page has a submittable form field and another does not. There is no fundamental difference between a function that does an action from POST and one that renders a page from GET (I'm not sure what .Net does in the bowels, but every "form" page must be wrapped with <form> tags, so perhaps there is a difference?).

I already ceded that there is no deep difference in how the query strings are presented in the browser window. Are they visibility irritating to me? Yes, but I won't kid myself in thinking I am doing something significantly different after this discussion.

So yes, in the basic sense, there is nothing wrong with which way one wants to render the url. It apparently becomes problematic when more information is revealed than needed. I'm not sure why FB allows this extra information to be presented, but I guess it has to do with scale.

I guess I suck at explaining myself today.

But there are other considerations like SEO, marketing, etc. (@gaming_mouse)

I like how the google search result links are long and full of query variables but the status bar shows the url you'll be redirected to. I think most people are pretty oblivious to what's going on in the address bar. A few times people have copy pasted a youtube video on forums and the extra query params make youtube play the playlist of their personal 'liked' youtube videos. I guess the google guys decided the url should reflect the state of the page at the time but when sharing links, I doubt people intended to share their playlists.

It would probably take like 4 lines of javascript to completely hide the real url from your users if you don't want them to see them.

Totally. I'm a fan of parametery routes as long as they look nice

Yes, most people are oblivious to a lot of things on the web and computers in general, however, that doesn't mean that I always want to program to the LCD either.

I've seen quite a few people who don't use the back arrow key to navigate to the previous page: they hit ctr-d and delete the part they don't want.

Most people don't use tab to navigate the next form field, but that doesn't mean I will just auto-target and remove the ability to navigate around with tab and other keyboard functions (this is very bad for accessibility as well).

I've seen astounding amount of people enter the URL of the site they want to go to in Google and I want to scream at them every time, but I don't, and I certainly don't design my sites around this assumption.

Why would you do this? I certainly wouldn't use JavaScript for this.

Lol I'm so guilty of doing this. I just hate mistyping the URL so I just have google autocorrect

I have a few interesting situations at work. We have this program we want to use sitting on the local CentOS VM right now and no one is willing or able to deploy the thing. I asked them to hire someone else to do it. They have a friend who, I guess knows something or other about computers and asked me to speak to him about it.

"Do you know anything about Linux?"

--> I'm not certified in it.

"Have you ever deployed a server?"

--> Blah blah blah (no he didn't know what I meant).

"I mean, a web server..."

--> Uh... no.

"Okay, do you know how to use Vagrant or Git at least?"

--> Never heard of those.

I'm seriously at a loss of what to do here. I mean, the company likes to dump money on a bunch of solutions that don't do a damn thing right. They waited for some of their "developer" friends to create a website for an entire year. They didn't do anything with it except screw around with the CSS. Now they refuse to release any of the open-sourced code or let the company have access to the server they paid for, which is just wrong on so many levels. They asked if I thought it was okay to sue the idiots. I didn't answer that without all the information, but I did tell them I thought these people are jackasses.

I'm starting to become more and more FOSS. I'm not saying all closed-source is wrong, but it amazes me how these particular people feel they can your data and life, and even when using FOSS, they just don't get it at all.

I dunno, I wouldn't. It's a quick fix compared to managing cookies imo. I thought you found query params distasteful.

yea I do it too if it isn't a site I use alot. It's easier to type in the first 5 letters and have google autocomplete the url than typing out the whole url only to find its .org instead of .com or whatever.

dave,

Some languages do you let you read in both querystring and POST variables on the server side. For example with PHP you can use $_REQUEST which gets everything including cookie variables.

I did a million sites and I never had a legit use case for using it though. You generally always want to know where your input came from. There are also times where you just want to loop through all of the POST variables while you already have other stuff in the URL so fetching all of the querystring values at the same time would be annoying in this case.

Test tomorrow on Collections, Generic types, and *shudder* Java2D. Gonna kill it probably.

Hopefully won't get asked how many methods does the GeneralPath class have or **** like that.

Good luck. I had my 2nd midterm for my java class. We are allowed to bring cheat sheets one for each chapter. I being careless, completely forgot the notes. Luckily the test was pretty easy and I aced it #brag.

Also my brother is taking his first computer course at a UNI and with him being two weeks in, it's on another level of difficulty in comparison to my community college course.
#lolcommunitycollege